Kaspersky Strengthens Account Security with Artificial Intelligence

Kaspersky Enhances Its SIEM Platform with Advanced AI to Detect Account Breaches and Protect Security Operations Centers
In a step that reflects the global escalation of cyber threats, Kaspersky has announced a comprehensive update to its SIEM platform, adding advanced AI-powered capabilities aimed at detecting account breaches at early stages, along with major improvements in access management, data protection, and the working experience of cybersecurity teams.
This update comes at a time when organizations, especially in the Middle East, are increasingly relying on Security Information and Event Management (SIEM) platforms as a core component in building Security Operations Centers (SOC), to counter sophisticated attacks and complex intrusions.
Growing Global and Middle Eastern Reliance on SIEM Platforms
Recent cybersecurity studies indicate that SIEM platforms have become one of the fundamental pillars of modern defensive infrastructure, with organizations relying on them for:
- Collecting and analyzing system and network logs
- Detecting advanced persistent threats (APT)
- Compliance with regulatory standards and requirements
- Supporting digital forensic investigations
According to Kaspersky data, 40% of organizations globally planning to establish a security operations center consider SIEM an indispensable technology, while the figure rises in the Middle East region to 42%, reflecting the region's heightened sensitivity to cyberattacks and threats targeting critical infrastructure.
What's New in the Kaspersky SIEM Platform Update?
The latest update is not limited to cosmetic improvements: it represents a qualitative leap in how threats are monitored and security operations are managed, encompassing several key areas:
Detecting Account Breaches Using Artificial Intelligence
The most prominent feature of the update is the introduction of an intelligent mechanism for detecting account theft, relying on artificial intelligence and behavioral analysis technologies.
This feature relies on:
- Analyzing normal login patterns for each user
- Detecting unusual changes in behavior
- Identifying suspicious or unauthorized access attempts
- Sending immediate alerts to security teams
This approach aligns with global best practices in User and Entity Behavior Analytics (UEBA), which have proven effective in detecting breaches that bypass traditional protection solutions.
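The four steps listed above (profile each user's normal logins, detect deviations, flag suspicious access, alert) are the core of a UEBA-style detector. The following is an added illustration written for this article, not Kaspersky's code and not how its SIEM implements the feature: it builds a per-user baseline of login hours and source countries from a training period, then scores later logins against that baseline and against a burst of failed attempts. The sample events, the cutoff date, the thresholds and the mapping of reasons to ATT&CK technique IDs (T1078 Valid Accounts, T1110 Brute Force) are all constructed assumptions.

```python
"""UEBA-style login anomaly detection over constructed sample events (added example)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: (user, ISO timestamp, source country, login succeeded).
# These are not real logs; the dates and countries are chosen to exercise each check.
SAMPLE_EVENTS = [
    # alice: regular office-hours logins from DE (training period)
    ("alice", "2024-03-01T09:05:00", "DE", True),
    ("alice", "2024-03-04T08:55:00", "DE", True),
    ("alice", "2024-03-05T09:12:00", "DE", True),
    ("alice", "2024-03-06T10:01:00", "DE", True),
    ("alice", "2024-03-07T09:30:00", "DE", True),
    ("alice", "2024-03-08T09:03:00", "DE", True),
    # bob: only three training logins, too little history to judge deviations
    ("bob", "2024-03-05T14:00:00", "AE", True),
    ("bob", "2024-03-06T14:10:00", "AE", True),
    ("bob", "2024-03-07T14:20:00", "AE", True),
    # evaluation period (on or after CUTOFF)
    ("alice", "2024-03-11T09:10:00", "DE", True),   # consistent with baseline
    ("alice", "2024-03-12T03:20:00", "RU", True),   # off-hours and new country
    ("bob", "2024-03-12T23:00:00", "US", True),     # thin baseline: no verdict
    ("carol", "2024-03-12T11:00:00", "AE", False),  # burst of failures ...
    ("carol", "2024-03-12T11:01:00", "AE", False),
    ("carol", "2024-03-12T11:02:00", "AE", False),
    ("carol", "2024-03-12T11:03:00", "AE", True),   # ... followed by a success
]
CUTOFF = datetime(2024, 3, 10)  # assumed boundary between training and evaluation

# Assumed mapping from a detection reason to the ATT&CK technique it most often indicates.
TECHNIQUE_FOR_REASON = {
    "unusual_hour": "T1078",
    "new_country": "T1078",
    "failed_login_burst": "T1110",
    "success_after_failure_burst": "T1110",
}


def build_baselines(events, cutoff):
    """Per-user profile of login hours and countries from successful logins before cutoff."""
    profiles = defaultdict(lambda: {"hours": set(), "countries": set(), "logins": 0})
    for user, ts, country, ok in events:
        t = datetime.fromisoformat(ts)
        if t >= cutoff or not ok:
            continue
        p = profiles[user]
        p["hours"].add(t.hour)
        p["countries"].add(country)
        p["logins"] += 1
    return profiles


def deviations(profile, t, country):
    """Reasons a successful login deviates from the user's profile (empty list if none)."""
    reasons = []
    near_hours = {(t.hour + d) % 24 for d in (-1, 0, 1)}  # tolerate one hour of drift
    if not near_hours & profile["hours"]:
        reasons.append("unusual_hour")
    if country not in profile["countries"]:
        reasons.append("new_country")
    return reasons


def detect(events, cutoff, min_history=5, burst_threshold=3, burst_window=timedelta(minutes=10)):
    """Return alerts for evaluation-period events, each with its reasons and technique IDs."""
    profiles = build_baselines(events, cutoff)
    recent_failures = defaultdict(deque)  # per-user sliding window of failure timestamps
    alerts = []
    for user, ts, country, ok in sorted(events, key=lambda e: e[1]):
        t = datetime.fromisoformat(ts)
        if t < cutoff:
            continue
        window = recent_failures[user]
        while window and t - window[0] > burst_window:
            window.popleft()
        reasons = []
        if not ok:
            window.append(t)
            if len(window) >= burst_threshold:
                reasons.append("failed_login_burst")
        else:
            if len(window) >= burst_threshold:
                reasons.append("success_after_failure_burst")
            profile = profiles.get(user)
            # Only judge hour/country deviations once the baseline is large enough.
            if profile is not None and profile["logins"] >= min_history:
                reasons.extend(deviations(profile, t, country))
        if reasons:
            techniques = sorted({TECHNIQUE_FOR_REASON[r] for r in reasons})
            alerts.append({"user": user, "time": ts, "country": country,
                           "reasons": reasons, "attack_techniques": techniques})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS, CUTOFF):
        print(alert)
```

Two design points matter in practice: a user with too little history (bob) yields no verdict rather than a noisy alert, and the failed-login window is checked on the success as well, since a success right after a burst is the case an analyst most wants to see.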
Correlator 2.0: Higher Performance and Greater Stability
The new version includes an experimental release of Correlator 2.0, an advanced correlation and analysis tool designed to process large volumes of data with greater efficiency.
Key features of Correlator 2.0:
- Horizontal scalability to meet the needs of large organizations
- Fault tolerance to ensure business continuity
- Improved performance with reduced hardware dependency
- Better support for complex, multi-source environments
Flexible Role Model for Managing User Permissions
The update introduces a fully customizable role model, enabling organizations to:
- Create custom roles based on tasks
- Clone and modify roles with ease
- Align permissions with the organizational structure
- Enforce the principle of Least Privilege
This model helps reduce risks arising from poor access management, which is one of the leading causes of internal breaches.
Immutable Backup to Protect Digital Evidence
Kaspersky has added an Immutable Backup feature, which allows security event data to be stored in protected archive files that cannot be altered.
This feature is essential for:
- Digital forensic investigations
- Compliance with regulatory standards such as ISO and NIST
- Protecting evidence from tampering or deletion
- Enhancing the reliability of security reports
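The value of an immutable archive for forensics is that any alteration or deletion of stored events can be proven. As an added illustration of that integrity property, written for this article and not Kaspersky's implementation, the code below seals a batch of event records into a JSON-lines archive in which each line carries a SHA-256 digest chained to the previous one, closed by an HMAC trailer under a key the archive owner holds. Verification then reports the first line that was modified, removed or reordered. The sample records and the key are constructed; real write-once protection of the file itself (WORM or object-lock storage) is a separate control that this example does not replace.

```python
"""Tamper-evident event archive with a SHA-256 hash chain and an HMAC seal (added example)."""
import hashlib
import hmac
import json

GENESIS = "0" * 64  # digest used as the predecessor of the first record

# Constructed sample events, not real SIEM data.
SAMPLE_RECORDS = [
    {"ts": "2024-03-12T03:20:00", "event": "login", "user": "alice", "src": "198.51.100.7"},
    {"ts": "2024-03-12T03:21:10", "event": "privilege_change", "user": "bob"},
    {"ts": "2024-03-12T03:25:42", "event": "logout", "user": "alice"},
]
DEMO_KEY = b"constructed-demo-key-not-for-production"  # assumed archive-owner key


def _record_digest(prev_digest, record):
    """Digest of a record bound to its predecessor, using a canonical JSON encoding."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(prev_digest.encode() + b"\n" + payload).hexdigest()


def seal_archive(records, key):
    """Serialize records as JSON lines with chained digests and append a keyed seal line."""
    lines = []
    prev = GENESIS
    for rec in records:
        digest = _record_digest(prev, rec)
        lines.append(json.dumps({"record": rec, "prev": prev, "digest": digest}, sort_keys=True))
        prev = digest
    seal = hmac.new(key, prev.encode(), hashlib.sha256).hexdigest()
    lines.append(json.dumps({"count": len(records), "seal": seal}, sort_keys=True))
    return ("\n".join(lines) + "\n").encode()


def verify_archive(data, key):
    """Return (True, None) if the archive is intact, else (False, index of first bad line)."""
    lines = data.decode("utf-8", errors="replace").splitlines()
    if not lines:
        return (False, 0)
    prev = GENESIS
    for i, line in enumerate(lines[:-1]):
        try:
            entry = json.loads(line)
        except ValueError:
            return (False, i)
        # A modified record changes its digest; a removed or reordered one breaks "prev".
        if (not isinstance(entry, dict) or entry.get("prev") != prev
                or _record_digest(prev, entry.get("record")) != entry.get("digest")):
            return (False, i)
        prev = entry["digest"]
    last = len(lines) - 1
    try:
        trailer = json.loads(lines[last])
    except ValueError:
        return (False, last)
    expected = hmac.new(key, prev.encode(), hashlib.sha256).hexdigest()
    # The count catches truncation of the tail; the HMAC catches a re-chained archive.
    if (not isinstance(trailer, dict) or trailer.get("count") != last
            or not hmac.compare_digest(expected, str(trailer.get("seal", "")))):
        return (False, last)
    return (True, None)


if __name__ == "__main__":
    archive = seal_archive(SAMPLE_RECORDS, DEMO_KEY)
    print("intact:", verify_archive(archive, DEMO_KEY))
    edited = archive.replace(b'"user": "alice"', b'"user": "mallory"', 1)
    print("after edit:", verify_archive(edited, DEMO_KEY))
```

Because the trailer is keyed, an attacker who rewrites a record and recomputes the whole chain still cannot produce a valid seal without the key; the chain alone only localizes which line changed.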
Improving the Analyst Experience Through Background Search
To address one of the key challenges faced by SOC teams, the update enables low-priority search queries to run in the background, allowing analysts to continue their tasks without disruption while large data sets are being processed.
This feature:
- Reduces downtime
- Raises the efficiency of security teams
- Improves time management during investigations
Deeper Integration with the MITRE ATT&CK Framework
Kaspersky confirmed that detection rules in the SIEM platform are periodically updated to align with the latest versions of the MITRE ATT&CK framework, the global reference for classifying cyberattack methods and techniques.
This integration helps:
- Understand attacker behavior more precisely
- Correlate security events with real-world attack scenarios
- Improve response to complex incidents
How Does the Kaspersky SIEM Platform Support Security Teams?
The Kaspersky SIEM platform works to:
- Collect logs from various infrastructure components
- Analyze and contextually correlate data
- Detect internal and external threats
- Support early detection of targeted attacks
- Enable proactive incident response
The platform is well-suited for organizations seeking to transition from reactive security to proactive security.
Kaspersky: An Extensive Track Record in Cybersecurity
Kaspersky was founded in 1997 and is among the world's leading companies in cybersecurity and digital privacy. The company states that its solutions protect more than one billion devices worldwide, serving millions of users and approximately 200,000 corporate and institutional clients.
In Conclusion
The Kaspersky SIEM platform update represents a strategic step toward empowering organizations to face modern cyber threats, by combining artificial intelligence, behavioral analysis, data protection, and improved security team efficiency, making it a strong choice for building advanced security operations centers capable of withstanding sophisticated attacks.